prosody-modules: mod_s2s_auth_dane/README.markdown comparison

merged upstream changes

author	tmolitor <thilo@eightysoft.de>
date	Sun, 12 Feb 2017 21:24:08 +0100
parents	a6486881fe42
children	daabba8fb45b

comparison

equal deleted inserted replaced

-:d300ae5dba87
+:5ca2470a7755
 _xmpp-server._tcp.example.com IN SRV 0 0 5269 xmpp.example.com.
 ; IPv4 and IPv6 addresses
 xmpp.example.com. IN A 192.0.2.68
 xmpp.example.com. IN AAAA 2001:0db8:0000:0000:4441:4e45:544c:5341
-; The DANE TLSA records.  These three are equivalent, you would use only one of them.
+; The DANE TLSA records.
-; First, using symbolic names:
-_5269._tcp.xmpp.example.com. 300 IN TLSA DANE-EE Cert SHA2-256 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
-; Using numbers:
 _5269._tcp.xmpp.example.com. 300 IN TLSA 3 0 1 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
-; Raw binary format, should work even with very old DNS tools:
+; If your zone file tooling does not support TLSA records, you can try the raw binary format:
 _5269._tcp.xmpp.example.com. 300 IN TYPE52 \# 35 030001E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
 [List of DNSSEC and DANE
 tools](http://www.internetsociety.org/deploy360/dnssec/tools/)
 Compatibility
 =============
 Requires 0.9 or above.
+Known issues
+============
+-   A race condition between the DANE lookup and completion of the TLS
+handshake may cause a crash. This does not happen in **trunk**
+thanks to better async support.

Mercurial > prosody-modules